EP1340336A1 - Access control enhancements, network access unit and service provider server for delivery of video and other services - Google Patents

Access control enhancements, network access unit and service provider server for delivery of video and other services

Info

Publication number
EP1340336A1
EP1340336A1 EP01999074A EP01999074A EP1340336A1 EP 1340336 A1 EP1340336 A1 EP 1340336A1 EP 01999074 A EP01999074 A EP 01999074A EP 01999074 A EP01999074 A EP 01999074A EP 1340336 A1 EP1340336 A1 EP 1340336A1
Authority
EP
European Patent Office
Prior art keywords
channel
network
permitted
request
list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP01999074A
Other languages
German (de)
French (fr)
Other versions
EP1340336B1 (en
Inventor
Brian Unitt
Michael Grant
Julian Cable
Lou Pino
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nortel Networks Ltd
Original Assignee
Nortel Networks Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=24914225&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=EP1340336(A1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Nortel Networks Ltd filed Critical Nortel Networks Ltd
Publication of EP1340336A1 publication Critical patent/EP1340336A1/en
Application granted granted Critical
Publication of EP1340336B1 publication Critical patent/EP1340336B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/185Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/15Flow control; Congestion control in relation to multipoint traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/78Architectures of resource allocation
    • H04L47/788Autonomous allocation of resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/80Actions related to the user profile or the type of traffic
    • H04L47/805QOS or priority aware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/80Actions related to the user profile or the type of traffic
    • H04L47/806Broadcast or multicast traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/80Actions related to the user profile or the type of traffic
    • H04L47/808User-type aware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2543Billing, e.g. for subscription services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/454Content or additional data filtering, e.g. blocking advertisements
    • H04N21/4542Blocking scenes or portions of the received content, e.g. censoring scenes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4622Retrieving content or additional data from different sources, e.g. from a broadcast channel and the Internet
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/47End-user applications
    • H04N21/478Supplemental services, e.g. displaying phone caller identification, shopping application
    • H04N21/4782Web browsing, e.g. WebTV
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/64Addressing
    • H04N21/6405Multicasting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/643Communication protocols
    • H04N21/64322IP
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/173Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H04N7/17309Transmission or handling of upstream communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1859Arrangements for providing special services to substations for broadcast or conference, e.g. multicast adapted to provide push services, e.g. data channels

Definitions

  • the present invention relates to a method and apparatus for secure delivery of services over local access networks, and in particular shared medium access networks, and a system incorporating the same.
  • This invention relates to shared medium access networks, such as satellite, 10 LMDS, UMTS, cable modem or fibre in the loop access networks, in particular to fibre to the home (FTTH).
  • FTTH networks can be made more economic by sharing fibre facilities and head end equipment across a number of customers.
  • Passive Optical Networks (PONs) 15 fall into this category.
  • POS passive optical splitter
  • Traffic transmitted in the downstream direction appears at all outstations and is selected by a given outstation based on an address included in a header associated with each data packet.
  • a multiple access protocol is used to ensure that only one outstation transmits information at a time.
  • Such networks can be used to transmit multiple services to a customer, including 25 video services and data services.
  • a customer premises an Optical Network
  • ONU connects to the fibre network and provides one or more interfaces to which the customer can attach end user equipment.
  • This equipment might include one or more Set Top Boxes (STBs) for interfacing video services to a television set and one or more personal computers.
  • STBs Set Top Boxes
  • Each of these devices could 30 connect via, for example, an Ethernet interface.
  • the ONU will normally be supplied by the network operator who can control the software included within the ONU itself.
  • Devices attached to the Ethernet interfaces are often outside the control of the network operator and the end user may therefore be able to load software which is outside the control of the network operator.
  • Video services consist of television channels which can be selected for viewing by individual end users and can be classified into two categories: multicast and
  • Multicast video channels are viewed simultaneously by a number of users. Such channels may include, for example, standard broadcast channels, subscription channels (where the user pays a monthly fee for the right to view the channel whenever he wants) and pay per view channels (where the user pays to view a particular programme).
  • VOD channels are programmes requested by a particular user and supplied only to that user. Each VOD channel requires a dedicated data path from a video server within the network. Multicast channels avoid dedicated paths from the server to each user by including multicasting features in the data path, typically using a router situated at the head end of the access network. When the first user requests a multicast channel, that channel is delivered to the head end router from the server and a connection is made through the router to the access network.
  • IP Internet Protocol
  • IGMP Internet Group Management Protocol
  • IP networks a multicast stream is given a destination IP address drawn from a group of addresses reserved for multicast IP packets.
  • the destination MAC address is drawn from a group of addresses reserved for multicast Ethernet frames.
  • the address used represents the content of the multicast data stream rather than identifying a specific destination.
  • a shared medium network such as a PON
  • the invention seeks to provide an improved method and apparatus for overcoming one or more problems associated with the prior art.
  • a network access unit for restricting user access to signals transmitted on a local access network and comprising: a port for receiving a channel request from a user; a channel request vetting unit for vetting the request with respect to a predetermined list of permitted channels; a transmitter for forwarding the channel request responsive to the vetting.
  • the unit also comprises: a receiver arranged to receive control signals from a network headend for updating the permitted list.
  • a time is associated with at least one channel in the predetermined list of channels and in which the channel vetting unit vets a request for the at least one channel with respect to the time.
  • the local access network is a shared medium access network.
  • the unit is arranged to receive signals over an optical medium.
  • a customer premises equipment comprising a network access unit according to claim 1.
  • an optical access network comprising a network access unit according to claim 1.
  • a content service provider server arranged for connection to a network and comprising: a transmitter for transmitting one or more content channels and channel control signals to a remote network access unit containing a permitted channel list; in which the control signals are intended to update the permitted channel list so as to control subscriber access to the transmitted content channels.
  • control signals contain time-related information for association in the permitted list with one or more channels.
  • the invention also provides for a telecommunications system which comprises one or more instances of apparatus embodying the present invention, together with other additional apparatus.
  • the invention is also directed to a method by which the described apparatus operates and including method steps for carrying out every function of the apparatus.
  • a method of restricting user access to signals transmitted on a local access network comprising the steps of: receiving a channel request from a user at a first port; vetting the request with respect to a predetermined list of permitted channels; forwarding the request responsive to the vetting.
  • the method also comprises the steps of: receiving a control signal from a network headend; updating the permitted list responsive to the control signal.
  • the method also comprises the steps of: associating a time with at least one channel in the predetermined list of channels; vetting the request with respect to the time.
  • the channel request is carried in an IGMP message.
  • a method of operating a service provider server comprising the steps of : transmitting one or more content channels and channel control signals to a remote network access unit containing a permitted channel list; in which the control signals are intended to update the permitted channel list so as to control subscriber access to the transmitted control channels.
  • the method also comprises the steps of: receiving a user initiated request to change channel subscription details; transmitting a permitted channel list update signal responsive thereto to a remote network access unit associated with the user.
  • IGMP vetting function in customer premises equipment to provide secure multicast over a network.
  • IGMP vetting function and a network receive address filter in customer premises equipment to provide secure multicast over a network.
  • the invention is also directed to a program for a computer, comprising components arranged to perform each of the method functions.
  • a program for a computer on a machine readable medium arranged to: receive a channel request from a user at a first port; vet the request with respect to a predetermined list of permitted channels; forward the request responsive to the vetting.
  • a control signal intended for transmission to a network access unit having a permitted channel list comprising at least one message comprising network access unit permitted channel list update information.
  • the at least one message contains time-related information for association in the permitted channel list with one or more channels.
  • control signals comprise IGMP messages.
  • the aspects of the present invention provide improved security for multicast services (for example multicast video) with minimum increase in ONU complexity.
  • multicast services for example multicast video
  • the preferred features may be combined as appropriate, as would be apparent to a skilled person, and may be combined with any of the aspects of the invention.
  • Figure 1 shows a schematic diagram of a telecommunications network in accordance with the present invention
  • FIG. 2 shows a schematic diagram of an Optical Network Unit (ONU) in accordance with the present invention
  • FIG. 3 shows an example of multi-cast broadcast channel packages arrangement in accordance with the present invention.
  • Figure 4 shows a further schematic diagram of a telecommunications network in accordance with the present invention.
  • FIG. 1 there is shown a system overview of one possible embodiment of an end-to-end network for delivery of multicast video services incorporating a Passive Optical Network (PON) based access network. Only those elements relevant to the present invention are shown.
  • PON Passive Optical Network
  • the headend 10 comprises a Router 110 and one or more Optical Line Termination units (OLTs) 120-121.
  • the Router comprises a Packet Forwarder 111 and a signal processor 112
  • each OLT receives packets from the router, adds any protocol and control information needed to implement the PON protocol and converts the data stream to an optical signal for transmission onto the shared optical medium 20 to one or more end users.
  • the OLT 120 receives an optical signal which has been multiplexed onto the medium by one or more ONUs 30, and extracts the data stream to be sent to the Router for onward transmission.
  • the OLTs 120-121 may be physically integrated into the head end router 110.
  • a Video Server 40 acts as the source of multiple multicast video programmes, each of which is transmitted as a separate packet stream identified by an address in the packet header.
  • the data link 60 to the server will be a packet switched path across an IP network.
  • multiple additional servers would be used to deliver many services to the end user.
  • a Billing and Administration function, or unit, 50 holds information identifying which multicast streams each end user is entitled to receive.
  • each OLT connects to an optical network incorporating a signal splitter 210 such that a single OLT is able to exchange information with multiple ONUs 30 situated on end user premises.
  • the signal splitter 210 is a passive optical splitter.
  • Each ONU may connect to one or more end user information devices such as television Set Top Boxes (STBs) 70-71 and Personal Computers (PCs) 80 for video and data applications respectively.
  • end user information devices such as television Set Top Boxes (STBs) 70-71 and Personal Computers (PCs) 80 for video and data applications respectively.
  • STBs television Set Top Boxes
  • PCs Personal Computers
  • FIG. 2 shows an example of ONU 30 in more detail.
  • a Network Receive function 31 converts downstream optical signals from the network connection 211 into electrical signals and passes on to the Packet Filter 32 only those information packets intended for the attached user. Other packets directed to other PON users are blocked.
  • the addresses of packets to be passed through are contained in the Address List 33. In this arrangement, the Address List may be modified dynamically according to the video channel requested by the end user.
  • the Packet Filter 32 extracts from the packet stream those packets which are directed to the Management Processor function 34 within the ONU. Other packets are passed on to the Ethernet Switch 35 to which multiple end user information devices 70-71 , 80 are connected.
  • Information packets received by the ONU from end user devices 70-71 , 80 pass via the Ethernet Switch 35 to the Control Packet Filter 36.
  • Channel change requests from the end user are encapsulated into control packets by the Set Top Box 70-71 , and PC 80 and sent to the ONU.
  • Packets recognised as multicast video control packets are extracted and passed to the IGMP Vetting function 37.
  • Other packets are forwarded to the Network Transmit function 38 which implements the PON upstream transmission protocol and sends packets 212 via the local PON to the head end 10 at the appropriate time.
  • Multicast control packets sent to the IGMP Vetting function 37 are checked against the Permitted Channels list 39. If the requesting user is eligible to receive the requested channel, the IGMP Vetting function forwards the request to the head end via Network Transmit function 38.
  • the IGMP instead of blocking a request for a prohibited channel, the IGMP
  • Vetting function 37 may modify the content of the request packet and forward to the network a modified request to connect the end user device to a video stream inviting the user to subscribe to the service he has requested but is not yet eligible to receive.
  • the ONU 30 may send a message to the Billing and Administration system 50.
  • the Management Processor 34 is notified and it adds to the Address List 33 the multicast address which will be used in information packets carrying data for the selected channel. Such packets are then allowed through the Network Receive function 31 and forwarded to the Ethernet Switch 34 and thence to the end user information device 70-71 , 80.
  • IGMP messages are forwarded to a Signalling Processor 112 which instructs the Packet Forwarder 111 to add the new connection to the selected multicast stream so as to cause the stream to be forwarded to the end user via the OLT. Because the vetting function in the ONU ensures that no requests for unauthorised channels are passed to the network, no additional vetting is needed in the router.
  • the STB 70-71 , 80 may instead generate control messages in some other format which is interpreted by the ONU and translated to IGMP messages before forwarding to the OLT.
  • the ONU then act on the interpreted messages in a way similar to that described above for incoming IGMP messages.
  • the Permitted List 39 is populated from the head end 10 using management messages sent as part of the downstream traffic and delivered to the
  • the permitted list may take different forms depending on the implementation, including but not limited to: a list of specific channels which the customer is eligible to receive; a list of channels the customer is to be prevented from viewing; or a set of rules to be applied to a request to determine whether a given channel is to be permitted or not. (An example of a set of rules for this last alternative can be derived from the semantics of the Unix 'hosts.allow / hosts.deny' command.)
  • the system is preferably based on the Internet Protocol suite.
  • the IGMP Vetting function 37 is preferably performed using MAC addresses; in an ONU using routing (IP layer forwarding) the IGMP Vetting function 37 is preferably performed using IP addresses.
  • IP layer forwarding IP layer forwarding
  • blocking of prohibited incoming multicast channels via the Network Receive function may be performed using MAC address matching.
  • the mapping from IP layer multicast addresses to MAC layer multicast addresses uses IETF RFC 1112, and the IGMP Vetting function 37 is performed using MAC addresses, the IGMP Vetting function may also optionally check the destination multicast IP address.
  • the Network Receive function 31 may optionally also check the IP destination address, but preferably only if the MAC layer address matching function indicates that the user may be eligible to receive the designated stream.
  • the vetting function should preferably check both source and destination addresses to determine eligibility to receive a particular stream. Where SSM is used in conjunction with MAC layer vetting, the vetting function should preferably also check the IP addresses. Where SSM is used, the Network Receive function should also preferably check the IP addresses. Where SSM is used, preferably the Network Receive function should check the IP addresses only if an address match is detected at the MAC layer.
  • SSM source specific multicast
  • Protocol Stack such as MPEG-2/RTP/UDP/IP/PON Multi-cast Groups may be employed. Source addresses of IP and MAC are defined and transmitted.
  • All available video channels may be, and ideally are, provided to the OLT.
  • the OLT is arranged to set up and maintain receipt of all IP multi-cast channels. There may, for example be 200 channels provided by a single provider.
  • the OLT also filters out upstream IGMP requests.
  • Figure 3 shows how a set of channels may be mapped to multi-cast IP addresses.
  • the channels may be provided, on subscription or otherwise, in groups of channels, for example as a basic packages and one or more premium rate packages.
  • Set top box (STB) conventionally the allowable TV channel list is loaded by a service provider each time the STB boots up. It should be noted that this feature is for the convenience of the viewer, but does not protect the service against unauthorised access from an alternative information device such as a PC.
  • Set top boxes preferably use IGMP version 2, or a protocol having similar functionality.
  • a method for handling a first channel request from a user on, for example set top box #1 comprises the steps of:
  • STB 70 requests a channel (for example channe!2) by issuing a join IP multi-cast request for a specific channel IP address (for example) 225.0.1.2
  • the ONU receives IGMP join request
  • the ONU checks that the requested channel is on its list of allowable channels and sends an IGMP request for the selected channel (225.0.1.2) up to the headend unit 10 and starts listening for multicast signals on that address (225.0.1.2)
  • the headend unit 10 receives the IGMP request to join the channel (2).
  • the headend unit continues and may optionally log the IP address of the requesting STB.
  • the requested channel is streamed on to the requesting link by the headend and optionally the IP address of the requesting STB is logged.
  • the ONU 30 receives the video packets of channel 2 and forwards these streams onto the port of the requesting STB.
  • An example of a method for handling a channel change request from a user on, for example set top box #1 comprises the steps of:
  • a user on STB 70 currently watching a first channel presses a channel change to watch a second channel (for example, channel 3).
  • STB 70 transmits a leave message for channel 2 (leave IP multi-cast 225.0.1.2) and a join request for channel 3 (join IP multi-cast 225.0.1.3 )
  • the ONU 30 receives the IGMP leave request and sends it up to the headend 10. 4. The ONU 30 checks that channel 3 is on its list of allowable channels for that STB, and sends IGMP request for 225.0.1.3 up to the headend 10 and starts listening for transmission on the requested address (225.0.1.3).
  • the headend 10 receives the IGMP request to leave channel 2.
  • STB 70 was the only user requesting that channel on that link, transmission of that channel on that link may be suspended, and optionally the IP address of the requesting STB may be unlogged.
  • the headend 10 receives the IGMP request to join the newly requested channel (channel 3).
  • the headend 10 continues and optionally logs the IP address of the requesting STB 70.
  • the newly requested channel (channel 3) is streamed on to the requesting link by the headend 10 and optionally the IP address of requesting the STB is logged.
  • the ONU 30 receives the video packets of the requested channel.
  • the ONU ceases forwarding the channel 2 stream to the user and instead forwards the newly requested channel stream (channel 3) onto port of the requesting STB.
  • a pay-per-view scheme can be supported as well as the pay-per-channel scheme described above.
  • the ONU 30 comprises a real-time clock (or has access to a periodic real-time signal from the network or elsewhere) a user may subscribe to a channel for a limited time period, for example:
  • the permitted list may associate a single end-time with each channel after which the channel is deleted form the permitted list, allowing immediate subscription by a user to the current channel; up to, say the end of a currently broadcast film; • the permitted list may associate both a start and end time with each channel which is then made available only between the start time and the end-time, allowing advance booking of pay-per-view services;
  • the permitted list may associate more complex time intervals with any given channel so as to support, for example, subscription to a particular channel only up until 9:00 p.m. where, for example, a channel provider operates a voluntary ban on transmission of "adult" channel content before that time in the evening.
  • Other options include time-of-day, and time-of-week constraints, for which differing subscription rates might apply, etc.
  • Time limits on availability could also be implemented by active control for the head end, by the sending of specific add/remove control messages to the ONU to cause the permitted list to be updated. This would obviate the provision of a real-time clock in each ONU.
  • the permitted list used to vet channel request may be associated either with the
  • ONU as a whole, and therefore apply equally to each STB or PC receiving service through it, or to each individual STB/PC receiving service.
  • distinct STB's may have separate channel access controls applied to support, for example, parental control of children's viewing: STB's in children's rooms receive only channels targeted to children; "adult" material subscribed to is available only to adults in the household.
  • a second ONU 30a is shown connected, via the access network, to OLT 120.
  • the arrangement also has a customer premises network 81 connected to a user port on the ONU.
  • the customer premises network comprises an STB 812 and a PC 811 connected via a switch 813 (for example an Ethernet switch) to the access connection to ONU 30a.
  • a single ONU may support several customer premises (for example in a multiple dwelling unit, or along a street).
  • the ONU may comprise permitted channel lists per ONU customer port, or per STB/PC. Whilst this arrangement increases the complexity of the ONU, it reduces the number of ONU to be deployed thereby potentially reducing operator costs.
  • the present invention can be applied to other services delivered using multicast, such as audio, software distribution and general push- oriented content delivery.

Abstract

A method of providing secure multicast over a local access network by means of a network access unit having a channel request vetting function and a permitted channel list. Channel requests from a subscriber are vetted with respect to the permitted channel list and forwarded only if permitted. The permitted list may be dynamically updated under headend control to allow users to subscribe to, and unsubscribe from, services upon request.

Description

ACCESS CONTROL ENHANCEMENTS, NETWORK ACCESS UNIT AND SERVICE PROVIDER SERVER FO R DELIVERY OF VIDEO AND OTHER SERVICES
ACCESS CONTROL ENHANCEMENTS FOR DELIVERY OF VIDEO AND
OTHER SERVICES
FIELD OF THE INVENTION
5 The present invention relates to a method and apparatus for secure delivery of services over local access networks, and in particular shared medium access networks, and a system incorporating the same.
BACKGROUND TO THE INVENTION
This invention relates to shared medium access networks, such as satellite, 10 LMDS, UMTS, cable modem or fibre in the loop access networks, in particular to fibre to the home (FTTH). The following description relates to FTTH, but it will easily be seen how it applies to other scenarios with similar characteristics. FTTH networks can be made more economic by sharing fibre facilities and head end equipment across a number of customers. Passive Optical Networks (PONs) 15 fall into this category. In such a network, a single head end node, normally physically located on the network provider's premises, connects to a number of customer located outstations via a passive optical splitter (POS) which provides a fanout to (typically) 16 outstations.
Traffic transmitted in the downstream direction (from the head end to the 20 outstations) appears at all outstations and is selected by a given outstation based on an address included in a header associated with each data packet. In the upstream direction a multiple access protocol is used to ensure that only one outstation transmits information at a time.
Such networks can be used to transmit multiple services to a customer, including 25 video services and data services. On the customer premises an Optical Network
Unit (ONU) connects to the fibre network and provides one or more interfaces to which the customer can attach end user equipment. This equipment might include one or more Set Top Boxes (STBs) for interfacing video services to a television set and one or more personal computers. Each of these devices could 30 connect via, for example, an Ethernet interface.
The ONU will normally be supplied by the network operator who can control the software included within the ONU itself. Devices attached to the Ethernet interfaces, however, are often outside the control of the network operator and the end user may therefore be able to load software which is outside the control of the network operator.
Video services consist of television channels which can be selected for viewing by individual end users and can be classified into two categories: multicast and
Video on Demand (VOD). Multicast video channels are viewed simultaneously by a number of users. Such channels may include, for example, standard broadcast channels, subscription channels (where the user pays a monthly fee for the right to view the channel whenever he wants) and pay per view channels (where the user pays to view a particular programme). VOD channels are programmes requested by a particular user and supplied only to that user. Each VOD channel requires a dedicated data path from a video server within the network. Multicast channels avoid dedicated paths from the server to each user by including multicasting features in the data path, typically using a router situated at the head end of the access network. When the first user requests a multicast channel, that channel is delivered to the head end router from the server and a connection is made through the router to the access network. If another user subsequently requests to view the same channel, a second connection is made within the router to cause the channel to be sent out on the interface to which the second user is connected. Since the second user is joining an existing channel, no additional data capacity is required on the link between the server and the router. Protocols exist for signalling from an end user device to a router to join and leave a multicast group. When the data transmission is based on Internet Protocol (IP), a multicast signalling protocol known as Internet Group Management Protocol (IGMP) may be used. Conventionally in IP networks, a multicast stream is given a destination IP address drawn from a group of addresses reserved for multicast IP packets. Similarly, when using Ethernet as the medium access control (MAC) layer, the destination MAC address is drawn from a group of addresses reserved for multicast Ethernet frames. Thus at both the IP layer and the MAC layer, the address used represents the content of the multicast data stream rather than identifying a specific destination.
An algorithm for mapping IP layer multicast addresses to MAC layer multicast addresses is given in the Internet Engineering Task Force (IETF) Request for Comment (RFC) 1112. This is a many to one mapping where a single MAC address could represent many different schemes. In systems using this mapping, the multicast channel cannot be identified uniquely at the MAC layer and the IP layer destination address must be checked to guarantee uniqueness. ln a variation of the multicast protocol, known as source specific multicast (SSM), both the source IP address and the destination IP address are required to identify uniquely a specific multicast stream. In a system using SSM the destination multicast MAC address is not guaranteed to be unique. Since current protocols do not reflect the source IP address in the source MAC address, SSM channels cannot be uniquely identified at the MAC layer and the source address at the IP layer must be checked.
A problem arises when the end user connection is a shared medium network (such as a PON): a multicast stream will be delivered to the ONUs situated on the premises of all end users on the PON whenever one of the users requests that stream and, by listening to traffic on that address, a second user would be able to view the service even though he may not have paid to receive it. This could lead to loss of revenues to the content provider which is highly undesirable.
OBJECT OF THE INVENTION
The invention seeks to provide an improved method and apparatus for overcoming one or more problems associated with the prior art.
SUMMARY OF THE INVENTION
According to one aspect of the present invention there is provided a network access unit for restricting user access to signals transmitted on a local access network and comprising: a port for receiving a channel request from a user; a channel request vetting unit for vetting the request with respect to a predetermined list of permitted channels; a transmitter for forwarding the channel request responsive to the vetting.
In one preferred embodiment the unit also comprises: a receiver arranged to receive control signals from a network headend for updating the permitted list.
In a further preferred embodiment, a time is associated with at least one channel in the predetermined list of channels and in which the channel vetting unit vets a request for the at least one channel with respect to the time.
In a further preferred embodiment, the local access network is a shared medium access network.
In a further preferred embodiment, the unit is arranged to receive signals over an optical medium. According to a further aspect of the present invention there is provided a customer premises equipment comprising a network access unit according to claim 1.
According to a further aspect of the present invention there is provided an optical access network comprising a network access unit according to claim 1.
According to a further aspect of the present invention there is provided a content service provider server arranged for connection to a network and comprising: a transmitter for transmitting one or more content channels and channel control signals to a remote network access unit containing a permitted channel list; in which the control signals are intended to update the permitted channel list so as to control subscriber access to the transmitted content channels.
Preferably, the control signals contain time-related information for association in the permitted list with one or more channels.
The invention also provides for a telecommunications system which comprises one or more instances of apparatus embodying the present invention, together with other additional apparatus.
The invention is also directed to a method by which the described apparatus operates and including method steps for carrying out every function of the apparatus.
In particular according to a further aspect of the present invention there is provided a method of restricting user access to signals transmitted on a local access network comprising the steps of: receiving a channel request from a user at a first port; vetting the request with respect to a predetermined list of permitted channels; forwarding the request responsive to the vetting.
Preferably, the method also comprises the steps of: receiving a control signal from a network headend; updating the permitted list responsive to the control signal.
Preferably, the method also comprises the steps of: associating a time with at least one channel in the predetermined list of channels; vetting the request with respect to the time.
Preferably, the channel request is carried in an IGMP message. According to a further aspect of the present invention there is provided a method of operating a service provider server comprising the steps of : transmitting one or more content channels and channel control signals to a remote network access unit containing a permitted channel list; in which the control signals are intended to update the permitted channel list so as to control subscriber access to the transmitted control channels.
Preferably, the method also comprises the steps of: receiving a user initiated request to change channel subscription details; transmitting a permitted channel list update signal responsive thereto to a remote network access unit associated with the user.
According to a further aspect of the present invention there is provided a use of an IGMP vetting function in customer premises equipment to provide secure multicast over a network.
According to a further aspect of the present invention there is provided a use of an IGMP vetting function and a network receive address filter in customer premises equipment to provide secure multicast over a network.
The invention is also directed to a program for a computer, comprising components arranged to perform each of the method functions.
In particular, according to a further aspect of the present invention there is provided a program for a computer on a machine readable medium arranged to: receive a channel request from a user at a first port; vet the request with respect to a predetermined list of permitted channels; forward the request responsive to the vetting.
In particular, according to a further aspect of the present invention there is provided a control signal intended for transmission to a network access unit having a permitted channel list, comprising at least one message comprising network access unit permitted channel list update information.
Preferably, the at least one message contains time-related information for association in the permitted channel list with one or more channels.
Preferably, the control signals comprise IGMP messages.
Advantageously, the aspects of the present invention provide improved security for multicast services (for example multicast video) with minimum increase in ONU complexity. The preferred features may be combined as appropriate, as would be apparent to a skilled person, and may be combined with any of the aspects of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to show how the invention may be carried into effect, embodiments of the invention are now described below by way of example only and with reference to the accompanying figures in which:
Figure 1 shows a schematic diagram of a telecommunications network in accordance with the present invention;
Figure 2 shows a schematic diagram of an Optical Network Unit (ONU) in accordance with the present invention;
Figure 3 shows an example of multi-cast broadcast channel packages arrangement in accordance with the present invention; and
Figure 4 shows a further schematic diagram of a telecommunications network in accordance with the present invention.
DETAILED DESCRIPTION OF INVENTION
Referring to Figure 1 , there is shown a system overview of one possible embodiment of an end-to-end network for delivery of multicast video services incorporating a Passive Optical Network (PON) based access network. Only those elements relevant to the present invention are shown.
The headend 10 comprises a Router 110 and one or more Optical Line Termination units (OLTs) 120-121. The Router comprises a Packet Forwarder 111 and a signal processor 112 In the downstream direction, each OLT receives packets from the router, adds any protocol and control information needed to implement the PON protocol and converts the data stream to an optical signal for transmission onto the shared optical medium 20 to one or more end users. In the upstream direction, the OLT 120 receives an optical signal which has been multiplexed onto the medium by one or more ONUs 30, and extracts the data stream to be sent to the Router for onward transmission. Optionally, the OLTs 120-121 may be physically integrated into the head end router 110. A Video Server 40 acts as the source of multiple multicast video programmes, each of which is transmitted as a separate packet stream identified by an address in the packet header. Typically, the data link 60 to the server will be a packet switched path across an IP network. In a practical system, multiple additional servers would be used to deliver many services to the end user.
A Billing and Administration function, or unit, 50 holds information identifying which multicast streams each end user is entitled to receive.
In the example network shown, each OLT connects to an optical network incorporating a signal splitter 210 such that a single OLT is able to exchange information with multiple ONUs 30 situated on end user premises. In a preferred embodiment the signal splitter 210 is a passive optical splitter.
Each ONU may connect to one or more end user information devices such as television Set Top Boxes (STBs) 70-71 and Personal Computers (PCs) 80 for video and data applications respectively.
Figure 2 shows an example of ONU 30 in more detail. A Network Receive function 31 converts downstream optical signals from the network connection 211 into electrical signals and passes on to the Packet Filter 32 only those information packets intended for the attached user. Other packets directed to other PON users are blocked. The addresses of packets to be passed through are contained in the Address List 33. In this arrangement, the Address List may be modified dynamically according to the video channel requested by the end user.
The Packet Filter 32 extracts from the packet stream those packets which are directed to the Management Processor function 34 within the ONU. Other packets are passed on to the Ethernet Switch 35 to which multiple end user information devices 70-71 , 80 are connected.
Information packets received by the ONU from end user devices 70-71 , 80 pass via the Ethernet Switch 35 to the Control Packet Filter 36. Channel change requests from the end user are encapsulated into control packets by the Set Top Box 70-71 , and PC 80 and sent to the ONU. Packets recognised as multicast video control packets are extracted and passed to the IGMP Vetting function 37. Other packets are forwarded to the Network Transmit function 38 which implements the PON upstream transmission protocol and sends packets 212 via the local PON to the head end 10 at the appropriate time. Multicast control packets sent to the IGMP Vetting function 37 are checked against the Permitted Channels list 39. If the requesting user is eligible to receive the requested channel, the IGMP Vetting function forwards the request to the head end via Network Transmit function 38.
Optionally, instead of blocking a request for a prohibited channel, the IGMP
Vetting function 37 may modify the content of the request packet and forward to the network a modified request to connect the end user device to a video stream inviting the user to subscribe to the service he has requested but is not yet eligible to receive.
Forwarding the IGMP request to the headend 10 when it is not present in the permitted channel list would cause the head end router to add the stream to the composite data stream transmitted on the shared downstream medium. A malicious user could initiate many (multi-cast) channel joins, thus increasing the amount of capacity occupied on the downstream link and potentially denying service to others. Consequently, requests for channels not on the permitted channel list are preferably not forwarded.
It would be technically possible to reduce the susceptibility to denial of service attacks by intercepting IGMP messages in the head end router, but this would require non-standard features in the router and may not scale well when large numbers of customers are connected.
Unless additional capabilities are added in the ONU, as described above, theft of service can only be addressed in the router by including encryption of the multicast streams within the head end equipment using additional hardware processing data streams at the line rate of the access network. Decryption in the ONU would increase complexity in a cost-sensitive area of the system.
It is desirable that the end user should be made aware when he requests channels he is not authorised to receive.
If the user makes repeated such attempts it may also be desirable to inform the management system, either as part of a policing function or a marketing opportunity.
Optionally, if the Vetting function detects (multiple) attempts to connect to unauthorised channels, the ONU 30 may send a message to the Billing and Administration system 50. Once it is determined that the user is eligible to receive a requested channel, the Management Processor 34 is notified and it adds to the Address List 33 the multicast address which will be used in information packets carrying data for the selected channel. Such packets are then allowed through the Network Receive function 31 and forwarded to the Ethernet Switch 34 and thence to the end user information device 70-71 , 80.
In the head end router 110, IGMP messages are forwarded to a Signalling Processor 112 which instructs the Packet Forwarder 111 to add the new connection to the selected multicast stream so as to cause the stream to be forwarded to the end user via the OLT. Because the vetting function in the ONU ensures that no requests for unauthorised channels are passed to the network, no additional vetting is needed in the router.
Optionally, instead of generating IGMP messages in response to user requests to change channels, the STB 70-71 , 80 may instead generate control messages in some other format which is interpreted by the ONU and translated to IGMP messages before forwarding to the OLT. The ONU then act on the interpreted messages in a way similar to that described above for incoming IGMP messages.
The Permitted List 39 is populated from the head end 10 using management messages sent as part of the downstream traffic and delivered to the
Management Processor 34 via the Packet Filter 32. The permitted list may take different forms depending on the implementation, including but not limited to: a list of specific channels which the customer is eligible to receive; a list of channels the customer is to be prevented from viewing; or a set of rules to be applied to a request to determine whether a given channel is to be permitted or not. (An example of a set of rules for this last alternative can be derived from the semantics of the Unix 'hosts.allow / hosts.deny' command.)
The system is preferably based on the Internet Protocol suite. In an ONU using bridging (MAC layer forwarding) the IGMP Vetting function 37 is preferably performed using MAC addresses; in an ONU using routing (IP layer forwarding) the IGMP Vetting function 37 is preferably performed using IP addresses. To minimise ONU complexity and improve throughput, blocking of prohibited incoming multicast channels via the Network Receive function may be performed using MAC address matching. Where the mapping from IP layer multicast addresses to MAC layer multicast addresses uses IETF RFC 1112, and the IGMP Vetting function 37 is performed using MAC addresses, the IGMP Vetting function may also optionally check the destination multicast IP address. Where the mapping from IP layer multicast addresses to MAC layer multicast addresses uses IETF RFC 1112 and blocking of prohibited incoming multicast channels via the Network Receive function is performed using MAC address matching, the Network Receive function 31 may optionally also check the IP destination address, but preferably only if the MAC layer address matching function indicates that the user may be eligible to receive the designated stream.
Where source specific multicast (SSM) is used in conjunction with IP layer vetting, the vetting function should preferably check both source and destination addresses to determine eligibility to receive a particular stream. Where SSM is used in conjunction with MAC layer vetting, the vetting function should preferably also check the IP addresses. Where SSM is used, the Network Receive function should also preferably check the IP addresses. Where SSM is used, preferably the Network Receive function should check the IP addresses only if an address match is detected at the MAC layer.
At the video IP headend, a Protocol Stack such as MPEG-2/RTP/UDP/IP/PON Multi-cast Groups may be employed. Source addresses of IP and MAC are defined and transmitted.
All available video channels may be, and ideally are, provided to the OLT. The OLT is arranged to set up and maintain receipt of all IP multi-cast channels. There may, for example be 200 channels provided by a single provider. The OLT also filters out upstream IGMP requests.
Figure 3 shows how a set of channels may be mapped to multi-cast IP addresses. The channels may be provided, on subscription or otherwise, in groups of channels, for example as a basic packages and one or more premium rate packages.
At the set top box (STB), conventionally the allowable TV channel list is loaded by a service provider each time the STB boots up. It should be noted that this feature is for the convenience of the viewer, but does not protect the service against unauthorised access from an alternative information device such as a PC. Set top boxes preferably use IGMP version 2, or a protocol having similar functionality. A method for handling a first channel request from a user on, for example set top box #1 , comprises the steps of:
1. STB 70 requests a channel (for example channe!2) by issuing a join IP multi-cast request for a specific channel IP address (for example) 225.0.1.2
2. The ONU receives IGMP join request
3. The ONU checks that the requested channel is on its list of allowable channels and sends an IGMP request for the selected channel (225.0.1.2) up to the headend unit 10 and starts listening for multicast signals on that address (225.0.1.2)
4. The headend unit 10 receives the IGMP request to join the channel (2).
• If the requested channel is already being transmitted on that link, the headend unit continues and may optionally log the IP address of the requesting STB.
• If the requested channel is not already being transmitted on that link, the requested channel is streamed on to the requesting link by the headend and optionally the IP address of the requesting STB is logged.
5. The ONU 30 receives the video packets of channel 2 and forwards these streams onto the port of the requesting STB.
An example of a method for handling a channel change request from a user on, for example set top box #1 , comprises the steps of:
1. A user on STB 70 currently watching a first channel (for example channel 2) presses a channel change to watch a second channel (for example, channel 3).
2. STB 70 transmits a leave message for channel 2 (leave IP multi-cast 225.0.1.2) and a join request for channel 3 (join IP multi-cast 225.0.1.3 )
3. The ONU 30 receives the IGMP leave request and sends it up to the headend 10. 4. The ONU 30 checks that channel 3 is on its list of allowable channels for that STB, and sends IGMP request for 225.0.1.3 up to the headend 10 and starts listening for transmission on the requested address (225.0.1.3).
5. The headend 10 receives the IGMP request to leave channel 2.
• If STB 70 was the only user requesting that channel on that link, transmission of that channel on that link may be suspended, and optionally the IP address of the requesting STB may be unlogged.
• If STB 70 was not the only user requesting that channel on that link, transmission of that channel on that link may continue, and optionally, the IP address of the requesting STB may be unlogged.
6. The headend 10 receives the IGMP request to join the newly requested channel (channel 3).
• If that channel was already being transmitted on that link, the headend 10 continues and optionally logs the IP address of the requesting STB 70.
• If that channel was not already being transmitted on that link, the newly requested channel (channel 3) is streamed on to the requesting link by the headend 10 and optionally the IP address of requesting the STB is logged.
7. The ONU 30 receives the video packets of the requested channel.
The ONU ceases forwarding the channel 2 stream to the user and instead forwards the newly requested channel stream (channel 3) onto port of the requesting STB.
By associating a time or times with a channel in permitted list, a pay-per-view scheme can be supported as well as the pay-per-channel scheme described above. In particular, if the ONU 30 comprises a real-time clock (or has access to a periodic real-time signal from the network or elsewhere) a user may subscribe to a channel for a limited time period, for example:
• the permitted list may associate a single end-time with each channel after which the channel is deleted form the permitted list, allowing immediate subscription by a user to the current channel; up to, say the end of a currently broadcast film; • the permitted list may associate both a start and end time with each channel which is then made available only between the start time and the end-time, allowing advance booking of pay-per-view services;
• the permitted list may associate more complex time intervals with any given channel so as to support, for example, subscription to a particular channel only up until 9:00 p.m. where, for example, a channel provider operates a voluntary ban on transmission of "adult" channel content before that time in the evening. Other options include time-of-day, and time-of-week constraints, for which differing subscription rates might apply, etc.
Time limits on availability could also be implemented by active control for the head end, by the sending of specific add/remove control messages to the ONU to cause the permitted list to be updated. This would obviate the provision of a real-time clock in each ONU.
The permitted list used to vet channel request may be associated either with the
ONU as a whole, and therefore apply equally to each STB or PC receiving service through it, or to each individual STB/PC receiving service. In the latter way, distinct STB's may have separate channel access controls applied to support, for example, parental control of children's viewing: STB's in children's rooms receive only channels targeted to children; "adult" material subscribed to is available only to adults in the household.
Referring now to Figure 4, the invention described above is also not limited to the direct connection of individual STB's or PC's to the ONU. In a further embodiment shown in Figure 4, a second ONU 30a is shown connected, via the access network, to OLT 120. The arrangement also has a customer premises network 81 connected to a user port on the ONU. The customer premises network comprises an STB 812 and a PC 811 connected via a switch 813 (for example an Ethernet switch) to the access connection to ONU 30a. In this way a single ONU may support several customer premises (for example in a multiple dwelling unit, or along a street). In such a configuration the ONU may comprise permitted channel lists per ONU customer port, or per STB/PC. Whilst this arrangement increases the complexity of the ONU, it reduces the number of ONU to be deployed thereby potentially reducing operator costs.
Furthermore, whilst the above description has been presented in terms of multi- cast signals and IGMP signaling and channels carried over IP, the underlying method of vetting channel requests from users is clearly independent both of the multi-cast nature of the signals requested - access to point-to-point signals in non-multi-cast networks can be controlled in the same way - and of the specific signaling and broadcast protocols used.
It will easily be seen that the present invention can be applied to other services delivered using multicast, such as audio, software distribution and general push- oriented content delivery.
Any range or device value given herein may be extended or altered without losing the effect sought, as will be apparent to the skilled person for an understanding of the teachings herein.

Claims

1. A network access unit (30) for restricting user access to signals transmitted on a local access network (20) and comprising:
a port for receiving a channel request from a user;
a channel request vetting unit (37) for vetting the request with respect to a predetermined list (39) of permitted channels;
a transmitter (38) for forwarding the channel request responsive to the vetting.
2. A network access unit according to claim 1 additionally comprising:
a receiver (31) arranged to receive control signals from a network headend for updating the permitted list.
3. A network access unit according to any one of claims 1 -2 additionally in which a time is associated with at least one channel in the predetermined list of channels and in which the channel vetting unit vets a request for the at least one channel with respect to the time.
4. A network access unit according to any one of claims 1 -3 in which the local access network is a shared medium access network.
5. A network access unit according to any one of claims 1-4 arranged to receive signals over an optical medium.
6. A customer premises equipment comprising a network access unit according to any one of claims 1 -5.
7. An optical access network comprising a network access unit according to any one of claims 1 -5.
8. A service provider server (10) arranged for connection to a network and comprising:
a transmitter (111) for transmitting one or more content channels and channel control signals to a remote network access unit (30) containing a permitted channel list (39); in which the control signals are intended to update the permitted channel list so as to control subscriber access to the transmitted content channels.
9. A service provider server according to claim 8 in which the control signals contain time-related information for association in the permitted list with one or more channels.
10. A method of restricting user access to signals transmitted on a local access network comprising the steps of:
receiving a channel request from a user at a first port;
vetting (37) the request with respect to a predetermined list of permitted channels;
forwarding (38) the request responsive to the vetting.
11. A method according to claim 10 additionally comprising the steps of:
receiving (31) a control signal from a network headend;
updating the permitted list (39) responsive to the control signal.
12. A method according to any one of claims 10-11 where additionally comprising the steps of:
associating a time with at least one channel in the predetermined list of channels;
vetting the request with respect to the time.
13. A method according to any one of claims 10-12 in which the channel request is carried in an IGMP message.
14. A method of operating a service provider server (10) comprising the steps of :
transmitting one or more content channels and channel control signals to a remote network access unit (30) containing a permitted channel list
(39);
in which the control signals are intended to update the permitted channel list so as to control subscriber access to the transmitted control channels.
15. A method according to claim 14 additionally comprising the steps of:
receiving a user initiated request to change channel subscription details;
transmitting a permitted channel list update signal responsive thereto to a remote network access unit associated with the user.
16. A use of an IGMP vetting function (37) in customer premises equipment to provide secure multicast over a network.
17. A use of an IGMP vetting function (37) and a network receive address filter (32) in customer premises equipment to provide secure multicast over a network.
18. A program for a computer on a machine readable medium arranged to:
receive a channel request from a user at a first port;
vet (37) the request with respect to a predetermined list of permitted channels (39);
forward the request responsive to the vetting (38).
19. A control signal intended for transmission to a network access unit (30) having a permitted channel list (39), comprising at least one message comprising network access unit permitted channel list update information.
20. A control signal according to claim 19 in which the at least one message contains time-related information for association in the permitted channel list (39) with one or more channels.
21. A control signal according to any one of claims 19-20 in which the control signals comprise IGMP messages.
EP01999074A 2000-11-29 2001-11-27 Access control enhancements, network access unit and service provider server for delivery of video and other services Expired - Lifetime EP1340336B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US725360 2000-11-29
US09/725,360 US6970461B2 (en) 2000-11-29 2000-11-29 Access control enhancements for delivery of video and other services
PCT/GB2001/005203 WO2002045334A1 (en) 2000-11-29 2001-11-27 Access control enhancements, network access unit and service provider server for delivery of video and other services

Publications (2)

Publication Number Publication Date
EP1340336A1 true EP1340336A1 (en) 2003-09-03
EP1340336B1 EP1340336B1 (en) 2009-07-22

Family

ID=24914225

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01999074A Expired - Lifetime EP1340336B1 (en) 2000-11-29 2001-11-27 Access control enhancements, network access unit and service provider server for delivery of video and other services

Country Status (10)

Country Link
US (1) US6970461B2 (en)
EP (1) EP1340336B1 (en)
JP (1) JP2004515158A (en)
KR (1) KR100885322B1 (en)
CN (1) CN1483258A (en)
AT (1) ATE437492T1 (en)
AU (1) AU2002222094A1 (en)
CA (2) CA2762099A1 (en)
DE (1) DE60139337D1 (en)
WO (1) WO2002045334A1 (en)

Families Citing this family (80)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7549160B1 (en) * 2000-12-21 2009-06-16 Cisco Technology, Inc. Method and system for authenticated access to internet protocol (IP) multicast traffic
EP1271825A1 (en) * 2001-06-25 2003-01-02 Lucent Technologies Inc. Method and system for multiplexed optical information transport
US7269182B1 (en) * 2001-10-22 2007-09-11 Redback Networks Inc. Method and apparatus for PPPoE multicast
JP3914036B2 (en) * 2001-11-19 2007-05-16 富士通株式会社 PON communication master and slave units
US7411980B2 (en) * 2001-12-14 2008-08-12 Broadcom Corporation Filtering and forwarding frames within an optical network
US7181142B1 (en) 2002-04-09 2007-02-20 Time Warner Cable Inc. Broadband optical network apparatus and method
KR100454958B1 (en) * 2002-04-18 2004-11-06 삼성전자주식회사 Method for changing the channel of digital broadcasting service
US7035657B2 (en) * 2002-05-08 2006-04-25 Qualcomm Inc. Method and apparatus for supporting application-layer media multicasting
AU2003245355A1 (en) * 2002-05-31 2003-12-19 Optical Solutions, Inc. Delivering multicast streams in a passive optical network
US7936752B2 (en) * 2002-07-31 2011-05-03 Cisco Technology, Inc. Source specific multicast group to source mapping
KR100893070B1 (en) 2002-09-19 2009-04-17 엘지전자 주식회사 Method and apparatus for providing and receiving multicast service in a radio communication system
CN100341305C (en) * 2002-11-26 2007-10-03 华为技术有限公司 Protocol 802.1X based multicast control method
US7228356B2 (en) * 2002-12-12 2007-06-05 Alcatel Canada Inc. IGMP expedited leave triggered by MAC address
KR100527342B1 (en) * 2002-12-18 2005-11-09 한국전자통신연구원 Digital broadcast system in passive optical network
EP1584157B1 (en) * 2003-01-16 2006-11-02 Sony United Kingdom Limited Video/audio network
US7925162B2 (en) * 2003-07-03 2011-04-12 Soto Alexander I Communication system and method for an optical local area network
US8958697B2 (en) 2003-06-10 2015-02-17 Alexander I. Soto System and method for optical layer management in optical modules and remote control of optical modules
US7450551B2 (en) * 2003-07-14 2008-11-11 Samsung Electronics Co., Ltd. Multicast transmission method in GEM mode in Gigabit-capable passive optical network and method of processing frame
JP4294027B2 (en) * 2003-07-18 2009-07-08 富士通株式会社 Communications system
US20050185635A1 (en) * 2003-07-30 2005-08-25 C.L. Nagendra Virtual service provider system and method for delivering media services to an end user
US7289501B2 (en) * 2003-11-06 2007-10-30 Teknovus, Inc. Method and apparatus for bandwidth-efficient multicast in ethernet passive optical networks
FR2862835B1 (en) 2003-11-24 2006-04-14 Medialive SECURED AND CUSTOMIZED DIFFUSION OF AUDIOVISUAL FLOWS BY A UNICAST / MULTICAST HYBRID SYSTEM
US20050125420A1 (en) * 2003-12-03 2005-06-09 Allen Tsz-Chiu Wong System and method of operating the system that prevents multiple channels from continuously being sent to the same set top box
EP1545059B1 (en) * 2003-12-16 2007-03-07 Alcatel System comprising a terminal system, an access multiplexer and a network
KR100557188B1 (en) * 2004-01-29 2006-03-03 삼성전자주식회사 ONU Apparatus for Discriminative EPG Information and Its Program Alarm Method
US7418003B1 (en) 2004-02-12 2008-08-26 Cisco Systems, Inc. PIM sparse mode to source specific multicast conversion
WO2005084025A1 (en) * 2004-02-18 2005-09-09 Thomson Licensing Method and apparatus for optimizing bandwith in broadcast/multicast video systems
US9413487B2 (en) * 2004-06-01 2016-08-09 Alcatel Lucent System and method for providing packetized video over an optical network
CN100440966C (en) * 2004-09-23 2008-12-03 华为技术有限公司 Method of realizing group broadcasting video frequency program previewing in broadband cut-in network
KR100632185B1 (en) * 2004-10-15 2006-10-11 한국전자통신연구원 Home gateway system for proffering function of matching of optical communication packet data and method for proffering broadcast service in home as the same
US20060153088A1 (en) * 2004-11-23 2006-07-13 Wong Allen T Method and system of insuring that a user receives a multicast television signal when changing channels during a control mode switch over
KR100639973B1 (en) * 2004-11-30 2006-11-01 한국전자통신연구원 Method for acquiring of channel information and registering for reception of multicast based IP TV broadcasting in access network
US20060159091A1 (en) * 2005-01-19 2006-07-20 Arjen Boers Active multicast information protocol
CN100488163C (en) * 2005-01-19 2009-05-13 华为技术有限公司 Multicast service processing method and system
IL166456A0 (en) * 2005-01-24 2006-01-15 Eci Telecom Ltd Provisioning of services to multiple customers viaa passive optical network (pon)
CN101166265B (en) * 2005-01-24 2011-06-01 华为技术有限公司 An access method for broadband video service
CN100414876C (en) * 2005-01-24 2008-08-27 华为技术有限公司 Method for switching on broadband video frequency business
CN1838766B (en) * 2005-03-22 2010-08-25 华为技术有限公司 IP broadband video service words list generating method
US8533750B2 (en) 2005-03-22 2013-09-10 Huawei Technologies Co., Ltd. Method and access device for generating IP broadband video service bill
US20070088817A1 (en) * 2005-10-14 2007-04-19 Microsoft Corporation Shared video service
CN103945169B (en) * 2005-10-26 2018-09-28 汤姆森许可贸易公司 System and method for transmitting satellite service with multiple safe classes
WO2007050066A1 (en) * 2005-10-26 2007-05-03 Thomson Licensing A system and method for delivering satellite services at multiple security levels
FR2895632A1 (en) * 2005-12-22 2007-06-29 Gemplus Sa CONTROLLING ACCESS TO MULTICAST MODE SERVICES IN A TERMINAL DEVICE
WO2007073762A1 (en) * 2005-12-28 2007-07-05 Telecom Italia S.P.A Method and system for managing multicast delivery content in communication networks
CN1997240B (en) * 2006-01-04 2010-12-08 华为技术有限公司 Control method and system for passive optical network broadcast traffic and passive optical network terminal
CN1852119A (en) * 2006-02-28 2006-10-25 华为技术有限公司 Method for charging in times to multicast performance
CN101048008B (en) * 2006-03-31 2012-08-29 株式会社日立制作所 Channel switchover system and method for IPTV service in passive optical network
CN101048010B (en) * 2006-03-31 2013-02-27 株式会社日立制作所 Method and device for implementing memory function in passive optical network system
US20070245398A1 (en) * 2006-04-12 2007-10-18 Bellsouth Intellectual Property Corporation Universal parental control
CN1863045B (en) * 2006-06-02 2010-09-08 中国移动通信集团公司 Method for receiving and deleting media data key
CN101119290B (en) * 2006-08-01 2011-06-01 华为技术有限公司 Ethernet supporting source specific multicast forwarding method and system
CN1946173A (en) * 2006-10-10 2007-04-11 华为技术有限公司 IPTV direct broadcast service control method, system and device
KR100859712B1 (en) * 2006-12-08 2008-09-23 한국전자통신연구원 Apparatus for blocking forged multicast source packets and method thereof
US20080175244A1 (en) * 2007-01-24 2008-07-24 Lockheed Martin Corporation Method and apparatus having a hybrid routing architecture with a combination of network layer reactive routing and subnet layer proactive routing
CN100551044C (en) * 2007-04-06 2009-10-14 华为技术有限公司 Realize method, equipment and the system of net cast
US20080294561A1 (en) * 2007-05-22 2008-11-27 Microsoft Corporation Media content deciphered when initiated for playback
US20090019469A1 (en) * 2007-07-11 2009-01-15 Telefonaktiebolaget Lm Ericsson (Publ) Dynamic update of channel filtering information in iptv systems
US20090067840A1 (en) * 2007-09-07 2009-03-12 Bernard Marc R Method of providing multi-staged IP filters in a point-to-multipoint environment
US8973058B2 (en) * 2007-09-11 2015-03-03 The Directv Group, Inc. Method and system for monitoring and simultaneously displaying a plurality of signal channels in a communication system
US8160447B2 (en) * 2007-10-17 2012-04-17 Hitachi, Ltd. Communication system using passive optical network and passive optical network
US7860121B2 (en) * 2007-10-31 2010-12-28 Cortina Systems, Inc. Forwarding loop prevention apparatus and methods
US20090154349A1 (en) * 2007-12-12 2009-06-18 Bernard Marc R Method and apparatus for managing traffic flow of forwarding entries through a virtual forwarding database of a network node
US8051445B2 (en) * 2008-01-31 2011-11-01 Microsoft Corporation Advertisement insertion
EP2279583B1 (en) 2008-05-21 2013-01-02 Telefonaktiebolaget LM Ericsson (publ) Access control for an ip access network to multicast traffic
US20110191683A1 (en) * 2009-12-04 2011-08-04 Dillard Daniel G Methods and Systems to Enhance Advisor-Client Communications
EP2556646B1 (en) 2010-04-09 2016-12-21 Orange Method of accessing a broadcast data flow
US8995439B2 (en) 2010-05-13 2015-03-31 Comcast Cable Communications, Llc Control of multicast content distribution
US9559855B2 (en) 2010-05-20 2017-01-31 Cisco Technology, Inc. System and method for providing multicast delivery in a network environment
US9063656B2 (en) * 2010-06-24 2015-06-23 Dell Gloval B.V.—Singapore Branch System and methods for digest-based storage
US20120011536A1 (en) * 2010-07-09 2012-01-12 Alcatel-Lucent Usa Inc. Method and apparatus for providing access to a subscription broadcast channel on demand via a communications network
US9847888B2 (en) * 2011-08-29 2017-12-19 Google Technology Holdings LLC Controlling content access and related actions on a DLNA network
JP5124681B1 (en) * 2011-12-16 2013-01-23 シャープ株式会社 Content service system
JP6146829B2 (en) * 2012-05-02 2017-06-14 ▲ホア▼▲ウェイ▼技術有限公司Huawei Technologies Co.,Ltd. Method and apparatus for controlling a network device
US9363227B2 (en) 2012-08-17 2016-06-07 Cisco Technology, Inc. Multicast source in group address mapping
JP5250149B2 (en) * 2012-10-26 2013-07-31 シャープ株式会社 Content service system
US9948399B2 (en) 2015-01-09 2018-04-17 Time Warner Cable Enterprises Llc Methods and apparatus for removing beat interference from splitters/combiners
US9674591B2 (en) 2015-06-08 2017-06-06 Time Warner Cable Enterprises Llc Methods and apparatus for asymmetric distribution of mixed content via a network
US10355923B2 (en) 2015-11-02 2019-07-16 Mobitv, Inc. Self-configuration of wireless connections
JP7170621B2 (en) * 2018-12-10 2022-11-14 株式会社東芝 CONTENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION DEVICE, AND METHOD
CN115550736B (en) * 2022-12-02 2023-05-05 浙江宇视科技有限公司 Video privacy zone acquisition and transmission methods, devices, electronic equipment and medium

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3223155A1 (en) * 1982-06-22 1983-12-22 Audi Nsu Auto Union Ag, 7107 Neckarsulm DISC MOUNT
SE515497C2 (en) 1995-12-11 2001-08-13 Telia Ab Device at LAN emulation standard
US6009099A (en) * 1996-08-30 1999-12-28 Alcatel Usa Sourcing, L.P. Method of delivering video information over a telecommunications network
US6138144A (en) 1997-06-24 2000-10-24 At&T Corp. Method for managing multicast addresses for transmitting and receiving multimedia conferencing information on an internet protocol (IP) network implemented over an ATM network
US6259701B1 (en) 1997-09-11 2001-07-10 At&T Corp. Method and system for a unicast endpoint client to access a multicast internet protocol (IP) session
JPH11234326A (en) * 1998-02-12 1999-08-27 Nippon Telegr & Teleph Corp <Ntt> Information distribution system
KR100301014B1 (en) 1998-08-17 2001-09-06 윤종용 Channel selecting apparatus and method therefor
CA2279468A1 (en) 1998-10-13 2000-04-13 Joseph Thomas O'neil Method and apparatus to provide a secure multicast transmission
FI106593B (en) 1999-02-15 2001-02-28 Valtion Teknillinen IP multicast service without return connection
US7174126B2 (en) * 2002-05-03 2007-02-06 Time Warner Interactive Video Group Inc. Technique for effectively accessing programming listing information in an entertainment delivery system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0245334A1 *

Also Published As

Publication number Publication date
US20040240466A1 (en) 2004-12-02
JP2004515158A (en) 2004-05-20
WO2002045334A1 (en) 2002-06-06
KR20030059825A (en) 2003-07-10
AU2002222094A1 (en) 2002-06-11
CA2430350A1 (en) 2002-06-06
DE60139337D1 (en) 2009-09-03
ATE437492T1 (en) 2009-08-15
US6970461B2 (en) 2005-11-29
CN1483258A (en) 2004-03-17
CA2430350C (en) 2012-04-17
EP1340336B1 (en) 2009-07-22
CA2762099A1 (en) 2002-06-06
KR100885322B1 (en) 2009-02-25

Similar Documents

Publication Publication Date Title
US6970461B2 (en) Access control enhancements for delivery of video and other services
US7924835B2 (en) Method and device for providing multicast services to multiple customers
JP4919859B2 (en) Channel switching system and method for IPTV services in a passive optical network
CA2473324C (en) System and method for managing provisioning parameters in a cable network
EP2387178B1 (en) Control of multicast content distribution
US8370889B2 (en) Switched digital video client reverse channel traffic reduction
EP2005745B1 (en) Delivery of subscription services to roaming users through head end equipment
US8254385B2 (en) Internet protocol multicast content delivery
US20080313669A1 (en) Targeted Advertisement Insertion with Interface Device Assisted Switching
US20060176835A1 (en) System and method for providing internet protocol based broadcast services
US20050220132A1 (en) Multicast
KR19990022019A (en) Video pedestal network
US20050152366A1 (en) Delivering cable television over a network agnostic platform
US7971247B2 (en) Methods and apparatus for prevention of excessive control message traffic in a digital networking system
Ikeda et al. Architecture and design of IP broadcasting system using passive optical network
WO2006077575A1 (en) Delivery of secured multicast services to multiple customers via a passive optical network (pon)
US20120243537A1 (en) Transmission of content through access network
Hahn et al. A new method of Internet access within a DBS environment
EP2161895A1 (en) Method and device for data processing in an access node and communication system comprising such device
Tanabe et al. IGAP: IP Multicast Management Protocol that can collaborate with User Authentication

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20030630

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17Q First examination report despatched

Effective date: 20050309

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 12/56 20060101ALI20081114BHEP

Ipc: H04L 29/06 20060101ALI20081114BHEP

Ipc: H04L 9/00 20060101AFI20081114BHEP

Ipc: H04N 7/173 20060101ALI20081114BHEP

Ipc: H04L 12/18 20060101ALI20081114BHEP

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

RIN1 Information on inventor provided before grant (corrected)

Inventor name: UNITT, BRIAN

Inventor name: CABLE, JULIAN

Inventor name: GRANT, MICHAEL

Inventor name: PINO, LOU

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REF Corresponds to:

Ref document number: 60139337

Country of ref document: DE

Date of ref document: 20090903

Kind code of ref document: P

NLV1 Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act
PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091102

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091122

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

26N No opposition filed

Effective date: 20100423

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20091130

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20091130

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091023

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20091130

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20091127

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20091127

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20090722

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 15

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20161123

Year of fee payment: 16

Ref country code: GB

Payment date: 20161123

Year of fee payment: 16

Ref country code: FR

Payment date: 20161014

Year of fee payment: 16

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 60139337

Country of ref document: DE

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20171127

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20180731

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20180602

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171130

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171127